Protection against spam bots
In the previous section we covered bots that analyze raw content of the website but additional steps are needed to prevent malicious scripts from automatically creating spam content within Moodle itself. Moodle has four elements that are targeted by spam bots:
User profiles
E-mail self-registration
User blogs
Internal messaging system
Let us explain each targeted segment in depth and propose the most adequate security measures you as an administrator can apply.
User profiles
Every user account within Moodle has profile. A profile must contain username, password, name, surname, e-mail address, city, and country, while all the other fields are considered optional. The presence of an e-mail address presents a goldmine for any spam bot. Therefore it is essential to protect access to this information only to the logged-in users. Luckily, Moodle offers this as a configuration option. Visit the Administration | Security | Site policies page and make sure that Force users...
